General

  • Target

    pluh.rar

  • Size

    80KB

  • Sample

    240413-mmefzsfh2v

  • MD5

    73ded24f416e6e70f3440b069ba0b250

  • SHA1

    afb8f7b18f01f7939f2c0a569ebfbc2a384aec4c

  • SHA256

    fb62df7d72d084f755b3eb181c44287fedc95b0e01fd1033e4c60add76432ff7

  • SHA512

    44944136afbf8d4473aa90db8254ff7f4f70ae2f8b5fac87ad538a26d533bfcb6eb5d0ebbcfa6453c01b13e8459a485c26e8cf1a71b24632f54268972c354c18

  • SSDEEP

    1536:HBrFLRy5CWhgOqbBAJBwWU533e0gUHZ82IvEB8M6J2mBTajHBfrSJb:hrFLQw514jU5nJgUDuqnO

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1118394761666109480/thDS3oSfSmHsoCQyjlB8zJN33LvfFYhiuSCKRCOwKm_YjjVfoa3nZJjZm8giA5yj1M22

Targets

    • Target

      pluh/external roblox launcher.exe

    • Size

      229KB

    • MD5

      65536dc4bcafc3ee3c1dcf7ed64c12df

    • SHA1

      e1ca248ae2ef47a6b89ad6fb155f4d5ec3674e9c

    • SHA256

      98e7e144b7bc45bd52601d093b1e447cf486bf2e8cd2ba84e8325e2d7b269662

    • SHA512

      25f5043750e42d312b879dcb1b37bc4621790f7402befa21578818c8de6020f1983a984bde79eeaca60b3cd12654fe2dae6e728826e0c4da3794be3519d3bcc2

    • SSDEEP

      6144:OwloZM3fsXtioRkts/cnnK6cMlkCanywvrY8hkijD6yBeb8e1mvpi:PoZ1tlRk83MlkCanywvrY8hkijD6yQiw

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
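The extracted C2 above is a Discord webhook, and the behaviour list pairs it with an external-IP lookup: the stealer resolves the victim's public address, then POSTs the collected data to the webhook. The following is an added example, not code from the sandbox or from the Umbral project, showing how a triage analyst can turn that into something actionable: parse the webhook URL into its ID and token (what Discord abuse reporting needs), recover the webhook's creation time from the snowflake ID, and scan proxy-log lines for the same two behaviours. The log lines and the IP-lookup host list are constructed for the example; the webhook URL is the one extracted from this sample. The regex also accepts the legacy discordapp.com host that this sample uses, so a rule keyed only on discord.com would miss it.

```python
"""Triage helpers for a Discord-webhook C2 (added example; not sandbox or Umbral code)."""
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Discord snowflake IDs embed a millisecond timestamp relative to 2015-01-01T00:00:00Z.
DISCORD_EPOCH_MS = 1420070400000

# Webhook URLs look like https://discord(app).com/api/webhooks/<snowflake id>/<token>.
# The optional discordapp.com host matters: this sample uses the legacy domain.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([\w-]+)"
)

# Assumption: illustrative list of public IP-lookup services; extend for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com", "ifconfig.me"}

# C2 value taken from the extracted config in the report above.
EXTRACTED_C2 = (
    "https://discordapp.com/api/webhooks/1118394761666109480/"
    "thDS3oSfSmHsoCQyjlB8zJN33LvfFYhiuSCKRCOwKm_YjjVfoa3nZJjZm8giA5yj1M22"
)


def parse_webhook(url):
    """Split a Discord webhook URL into id/token and decode the id's creation time.

    Returns None when the URL is not a webhook. The creation time comes from the
    snowflake: (id >> 22) milliseconds after the Discord epoch.
    """
    m = WEBHOOK_RE.fullmatch(url.strip())
    if not m:
        return None
    webhook_id, token = m.group(1), m.group(2)
    created_ms = (int(webhook_id) >> 22) + DISCORD_EPOCH_MS
    created = datetime.fromtimestamp(created_ms // 1000, tz=timezone.utc)
    return {
        "id": webhook_id,
        "token": token,
        "created_utc": created.strftime("%Y-%m-%dT%H:%M:%SZ"),
    }


# Constructed proxy log: "<timestamp> <source ip> <method> <url>" per line.
SAMPLE_PROXY_LOG = f"""\
2024-04-13T12:00:01Z 10.0.0.5 GET https://api.ipify.org/?format=json
2024-04-13T12:00:02Z 10.0.0.5 POST {EXTRACTED_C2}
2024-04-13T12:00:03Z 10.0.0.7 GET https://discord.com/api/v9/gateway
2024-04-13T12:00:04Z 10.0.0.9 GET https://www.example.com/
"""


def scan_proxy_log(text):
    """Return (source_ip, alert_type, detail) tuples for stealer-like requests.

    A POST to a webhook URL is flagged with its webhook ID; a request to a known
    IP-lookup service is flagged with the host. Ordinary Discord API traffic
    (the gateway line above) is not flagged, which keeps the rule usable where
    Discord itself is allowed.
    """
    alerts = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than fail the whole scan
        _ts, src, method, url = parts
        host = urlparse(url).hostname or ""
        wh = WEBHOOK_RE.match(url)
        if wh and method.upper() == "POST":
            alerts.append((src, "discord_webhook_post", wh.group(1)))
        elif host in IP_LOOKUP_HOSTS:
            alerts.append((src, "external_ip_lookup", host))
    return alerts


def suspect_hosts(alerts):
    """Sources that both looked up their public IP and posted to a webhook."""
    by_src = {}
    for src, kind, _detail in alerts:
        by_src.setdefault(src, set()).add(kind)
    return {src for src, kinds in by_src.items()
            if {"discord_webhook_post", "external_ip_lookup"} <= kinds}


if __name__ == "__main__":
    print(parse_webhook(EXTRACTED_C2))
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    print(found)
    print("suspect hosts:", suspect_hosts(found))
```

Reporting the ID/token pair to Discord gets the webhook revoked, which cuts off exfiltration for every victim of this build, not just the host you found it on; the decoded creation time also tells you how old the infrastructure is relative to the sample's first-seen date.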

MITRE ATT&CK Enterprise v15

Tasks